Member Avatar for SheSaidImaPregy

Hello, I need to remove letters and characters from a request.querystring in order to convert it into an integer. This is only extra precaution from people screwing around in the address bar directly. I have enough protection in place to protect errors. Let's say that I want to retrieve a current location that is kept by an integer from the querystring.

http.//www.mydomain.com/direction.aspx?loc=2

This works great, but then if someone does this:

http.//www.mydomain.com/direction.aspx?loc=2sdf;DROP

or something like it, it just automatically redirects to loc=1. I was hoping that someone could help me figure out how to request.querystring("loc") then pull out the invalid characters to keep it a string. Thinking off the top of my head, this is all I can think of which is FAR too lengthy. I know there is a shorter way:

Function MakeInteger()
Dim i As Integer
Dim loc As String = request.QueryString("loc")

Do While Not IsNumeric(loc)
  loc = Replace(loc, "a", "")
  loc = Replace(loc, "b", "")
  ...
  ...
loop
Return (loc)
End Function

Is there a way to do something like: loc = Replace(loc, [A-z], "") ?

I found this in C# I believe. Maybe someone who knows how to validly convert it to VB? Thanks

StringBuilder sb = new StringBuilder ();
for (int i=0; i< string.Length; i++)
if (char.IsLetterOrDigit(string[i])
sb.Append(string[i]);
  • 2 Contributors
  • 6 Replies
  • 353 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by sauru_garg
Member Avatar for sauru_garg

h well i can only tell u as much as to use split functions , u can serch net for details , they split string into array of strings as needed, use the needed array member , more i can telll if u explain the problem in detail

Member Avatar for SheSaidImaPregy

I looked up the (char.IsLetterOrDigit) function. It seems like it would be best for me and I will probably do that later. I am pulling information from a database via integers found on the querystring. But I want extra protection that doesn't require redundant code. I know I can pull the information from the querystring and do a replace function for every character in the aplhabet, but that is 26 lines of code executed repeatedly whereas I should be able to search all A-z letters and remove them with a couple lines of code. I guess this is something I can do:

Function Public ConvertInt(ByVal stringtoint As String) As Integer
Dim i As Integer
'for this case, stringtoint will be equal to request.querystring("id") or something similiar

Do While Not IsNumeric(stringtoint)
  for i=0 to Len(stringtoint)
    If (char.IsLetterOrDigit(i)) = False then
      stringtoint = Replace(stringtoint, (char.IsLetterOrDigit(i)), "")
    End if
  next
loop
Return (stringtoint)
End Function

understand what I am after? I need to retrieve the querystring from the url. The querystring must be integer to proceed so I need to remove all letters and special chars.

Member Avatar for sauru_garg

yep dear , i got what u said , u want numerics and only numerics in querystring , and u are protecting against directly jotted querystring values in url..... thats right
well i have been taught to use query string in the least secure pages, well there are no of options like viewstate, session or application , u can use global vars too, but still if u r bent upon using query string than i might find out something about it, u'll have to do something like picking up each char and check for int. and ignore the whole if anything else... like that na
wel,, m from india , where r u from

---------------------------------------------------------------------------------------------------

I looked up the (char.IsLetterOrDigit) function. It seems like it would be best for me and I will probably do that later. I am pulling information from a database via integers found on the querystring. But I want extra protection that doesn't require redundant code. I know I can pull the information from the querystring and do a replace function for every character in the aplhabet, but that is 26 lines of code executed repeatedly whereas I should be able to search all A-z letters and remove them with a couple lines of code. I guess this is something I can do:

Function Public ConvertInt(ByVal stringtoint As String) As Integer
Dim i As Integer
'for this case, stringtoint will be equal to request.querystring("id") or something similiar

Do While Not IsNumeric(stringtoint)
  for i=0 to Len(stringtoint)
    If (char.IsLetterOrDigit(i)) = False then
      stringtoint = Replace(stringtoint, (char.IsLetterOrDigit(i)), "")
    End if
  next
loop
Return (stringtoint)
End Function

understand what I am after? I need to retrieve the querystring from the url. The querystring must be integer to proceed so I need to remove all letters and special chars.

Member Avatar for SheSaidImaPregy

I'm from the US. Yeah, I have been working on a function that checks whether or not EACH digit in the string is a digit or not. The problem I am receiving from this is that if the querystring says "3serd", it says that there are invalid characters in the string. Can't seem to work around that. It's a unrequired extra protection and to keep functionality the best it can be. The only reason you should use querystrings is if you want the page to be bookmarked and that the information pulled is in no way required for any vital information via database. Like, if you have your url at mydomain.com/tutorial.aspx?id=209882, you can save it as a bookmark. But if you send your id's via textboxes or sessions, if someone bookmarks your page and comes back to it later, it will fail. As the only thing they see and your server see's is: mydomain.com/tutorial.aspx And I am sure you have some kind of coding that if there is no id specified, you redirect to another page which allows the user to pick or specify an id. You know what I mean? It's for bookmarking and favorites the use of querystrings. I also use UserID's in querystrings but only for the user's view as there requires serverside and session variables for that. I get picked on here and there for that, but I like seeing userid's, always have!

Anyway, this is what I have so far for my function above that fails if there are anything besides digits:

'Public Function MakeInt(ByVal stringint As String) As String
'Dim i As Integer
'
'if Len(stringint) > 0 then
'	Do While Not IsNumeric(stringint)
'		for i=0 to Len(stringint)
'			if (Char.IsDigit(stringint, (i))) = False then
'				stringint = Replace(stringint, (Mid(stringint, (i), 1)), "")
'			end if
'		next
'	loop
'	Return (stringint)
'end if
'End Function

I am also working on this one below but haven't tested it yet. It should work.. :)

'Public Function MakeInt(ByVal stringint As String) As String
'Dim lngCount As Long
'Dim strOut As String
'if not isnull(stringint) then
'	for lngCount = 1 to len(stringint)
'		if isnumeric(mid$(stringint, lngCount, 1)) then
'			strOut = strOut & mid$(stringint, lngCount, 1)
'		end if
'	next lngCount
'end if
'MakeInt = strOut
'end function
Member Avatar for SheSaidImaPregy

Solved it. This works. Drops everything besides the digits.

Public Function MakeInt(ByVal stringint As String) As String
Dim lngCount As Long
Dim strOut As String
if Len(stringint) > 0 then
  for lngCount = 1 to len(stringint)
    if isnumeric(mid$(stringint, lngCount, 1)) then
      strOut = strOut & mid$(stringint, lngCount, 1)
    end if
  next lngCount
end if
MakeInt = strOut
End Function
Member Avatar for sauru_garg

well thats good, now i understood , why u wanted to do querystrings ...
keep in touch

Solved it. This works. Drops everything besides the digits.

Public Function MakeInt(ByVal stringint As String) As String
Dim lngCount As Long
Dim strOut As String
if Len(stringint) > 0 then
  for lngCount = 1 to len(stringint)
    if isnumeric(mid$(stringint, lngCount, 1)) then
      strOut = strOut & mid$(stringint, lngCount, 1)
    end if
  next lngCount
end if
MakeInt = strOut
End Function
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.